From 88a64d204766e9afe0406aaa3bf71fb4a2570d9d Mon Sep 17 00:00:00 2001
From: luxferre
Date: Thu, 28 May 2026 10:56:08 +0100
Subject: [PATCH] feat: root user dependencies also allow super admins
---
 src/auth/dependencies.py | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/src/auth/dependencies.py b/src/auth/dependencies.py
index 7c17d02..e85ef9c 100644
--- a/src/auth/dependencies.py
+++ b/src/auth/dependencies.py
@@ -19,6 +19,13 @@ from src.organisation.models import Organisation as Org
 from src.auth.exceptions import UnauthorizedException
+def is_super_admin(user_model) -> bool:
+ super_admin_emails = ["chris@sr2.uk"]
+ if user_model.email not in super_admin_emails:
+ raise UnauthorizedException()
+ return True
+
+
 async def org_query_user_claims(org_model: org_model_query_dependency, user_model: user_model_claims_dependency):
 if user_model in org_model.user_rel:
 return True
@@ -33,6 +40,9 @@ async def org_query_root_claims(user_model: user_model_claims_dependency, org_mo
 if org_model.root_user_id == user_model.id:
 return org_model
+ if is_super_admin(user_model):
+ return org_model
+
 raise UnauthorizedException()
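Review bot: `is_super_admin` grants platform-wide privilege by comparing `user_model.email` with an address hard-coded in source, so the privilege is only as strong as the guarantee that this field is verified and cannot be edited by the account holder; the diff does not show where `email` is populated. Holding the allow-list in deployment configuration, or as a role keyed on the immutable user id, would remove that dependency and keep a personal address out of the repository. The comparison is also case-sensitive, which is worth stating in a comment if it is intended. Separately, the function is annotated `-> bool` but raises instead of returning False, so the `if is_super_admin(user_model):` tests added in the later hunks can never take the false branch; `return user_model.email in super_admin_emails` would make it a real predicate and leave the raise to the callers, which already end in `raise UnauthorizedException()`.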
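Review bot: The super-admin branch added to `org_query_root_claims` returns `org_model` for any organisation without recording that the root-ownership check was bypassed. Cross-tenant access of this kind should leave an audit trail, for example `logger.warning("super-admin override: user=%s org_root=%s", user_model.id, org_model.root_user_id)` just before the `return` (assuming a module logger is available; none is visible in the diff). The same applies to the identical branch added to `org_body_root_claims` in the next hunk. The function's signature and opening lines are outside this hunk.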
@@ -43,17 +53,20 @@ async def org_body_root_claims(user_model: user_model_claims_dependency, org_mod
 if org_model.root_user_id == user_model.id:
 return org_model
+ if is_super_admin(user_model):
+ return org_model
+
 raise UnauthorizedException()
 org_model_root_claim_body_dependency = Annotated[type[Org], Depends(org_body_root_claims)]
-async def is_super_admin(user_model: user_model_claims_dependency):
- super_admin_emails = []
- if user_model.email not in super_admin_emails:
- raise UnauthorizedException()
- return True
+async def user_model_super_admin(user_model: user_model_claims_dependency):
+ if is_super_admin(user_model):
+ return user_model
+
+ raise UnauthorizedException()
-super_admin_dependency = Annotated[bool, Depends(is_super_admin)]
+super_admin_dependency = Annotated[bool, Depends(user_model_super_admin)]
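Review bot: `super_admin_dependency` is still declared as `Annotated[bool, Depends(...)]`, but `user_model_super_admin` returns `user_model`, so handlers taking this dependency now receive a user object under a `bool` annotation. The annotation should name the user model type that `user_model_claims_dependency` resolves to, which is not visible in this hunk. The name `is_super_admin` has also changed from an async dependency to a plain helper with an unannotated parameter, so any `Depends(is_super_admin)` remaining elsewhere in the project would no longer receive the authenticated user; it is worth searching for such uses. A docstring on the new function, such as `"""Return the authenticated user if they are a super admin, else raise UnauthorizedException."""`, would record the changed return contract.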